- name: add totpcgi user
  user: name=totpcgi uid=501 state=present home=/var/lib/totpcgi createhome=yes system=yes
  tags:
  - config

- name: install needed packages
  package: name={{ item }} state=present
  with_items:
  - mod_auth_pgsql
  - totpcgi
  - totpcgi-selinux
  - totpcgi-provisioning
  - python-qrcode
  - httpd
  - mod_ssl
  tags:
  - packages

- name: Install the cgi apache configuration files
  template: >
    src={{ item.file }}.j2 dest=/etc/httpd/conf.d/{{ item.dest }}
    owner=root group=root mode=0444
  with_items:
  - {file: provisioning-httpd.conf, dest: totpcgi-provisioning.conf }
  tags:
  - files
  - config
  notify:
  - restart apache

- name: create directories
  file: path=/etc/{{ item }} state=directory owner=root group=totpcgi mode=750
  with_items:
  - pki/totpcgi
  - totpcgi/totp

- name: create template directory for totpcgiprov
  file: path=/etc/{{ item }} state=directory owner=root group=totpcgiprov mode=750
  with_items:
  - totpcgi/templates

- name: create /etc/totpcgi with the proper rights and owners
  file: path=/etc/{{ item }} state=directory owner=totpcgiprov group=totpcgi mode=750
  with_items:
  - totpcgi

- name: copy html files over
  copy: >
   src=html
   dest=/etc/totpcgi/templates/html
   owner=root
   group=totpcgiprov
   mode=0750
  tags:
  - files
  - config

- name: copy provisioning index file over
  copy: >
   src=provisioning.cgi
   dest=/var/www/totpcgi-provisioning/index.cgi
   owner=totpcgiprov
   group=totpcgiprov
   mode=0550
  tags:
  - files
  - config

- name: copy index file over
  copy: >
   src=index.cgi
   dest=/var/www/totpcgi/index.cgi
   owner=totpcgi
   group=totpcgi
   mode=0550
  tags:
  - files
  - config

- name: copy totpcgi.conf file over
  template: >
   src=totpcgi.conf.j2
   dest=/etc/totpcgi/totpcgi.conf
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config

# staging certs

- name: copy staging server cert file over
  copy: >
   src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt
   dest=/etc/pki/tls/certs/totpcgi-server.crt
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config
  when: env == "staging"

- name: copy staging server key file over
  copy: >
   src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key
   dest=/etc/pki/totpcgi/totpcgi-server.key
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config
  when: env == "staging"

- name: copy staging server conf file over
  copy: >
   src=totpcgi-httpd.conf.stg
   dest=/etc/httpd/conf.d/totpcgi.conf
   owner=root
   group=root
   mode=0444
  tags:
  - files
  - config
  when: env == "staging"

# prod certs

- name: copy server cert file over
  copy: >
   src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt
   dest=/etc/pki/totpcgi/totpcgi-server.crt
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config
  notify:
  - reload httpd
  when: env == "production"

- name: copy server cert file over
  copy: >
   src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key
   dest=/etc/pki/totpcgi/totpcgi-server.key
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config
  notify:
  - reload httpd
  when: env == "production"

- name: copy totpcgi httpd config
  copy: >
   src=totpcgi-httpd.conf
   dest=/etc/httpd/conf.d/totpcgi.conf
   owner=root
   group=root
   mode=0444
  tags:
  - files
  - config
  notify:
  - reload httpd
  when: env == "production"

# vpn certs

- name: copy VPN server cert file over
  copy: >
   src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt
   dest=/etc/pki/totpcgi/totpcgi-server-vpn.crt
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config
  notify:
  - reload httpd
  when: env == "production"

- name: copy VPN server cert file over
  copy: >
   src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key
   dest=/etc/pki/totpcgi/totpcgi-server-vpn.key
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config
  when: env == "production"

- name: copy VPN server cert file over
  copy: >
   src=totpcgi-httpd.conf.vpn
   dest=/etc/httpd/conf.d/totpcgi-vpn.conf
   owner=root
   group=root
   mode=0444
  tags:
  - files
  - config
  when: env == "production"

- name: copy ca cert over
  copy: >
   src={{ private }}/files/2fa-certs/keys/ca.crt
   dest=/etc/pki/totpcgi/totpcgi-ca.crt
   owner=root
   group=totpcgi
   mode=0640
  tags:
  - files
  - config

- name: copy provisioning.conf over
  template: >
   src=provisioning.conf.j2
   dest=/etc/totpcgi/provisioning.conf
   owner=root
   group=totpcgiprov
   mode=0640
  tags:
  - files
  - config
